package com.example.config.securityAllconfig;

import com.example.filter.JwtFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.CorsUtils;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true,prePostEnabled= true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private MyAuthetcationSucessHandle myAuthetcationSucessHandle;

    @Autowired
    private JwtFilter jwtFilter;

    @Autowired
    private MyLogoutSuccesshandle myLogoutSuccesshandle;



    //密码编码器：不加密
    @Bean
    public PasswordEncoder passwordEncoder(){
        return NoOpPasswordEncoder.getInstance();
    }

    //授权规则配置
    @Override
    protected void configure(HttpSecurity http) throws Exception {
//      默认登录路径localhost:80/login
//      默认登出路径localhost:80/logout
        http.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);

        http.authorizeRequests()
                .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
                .antMatchers("/login","/swagger-ui.html", "/v2/api-docs", "/swagger-resources/**", "/webjars/**").permitAll()  //登录路径放行
                .anyRequest().authenticated()                   //其他路径都要认证之后才能访问
                .and()
                .formLogin()
//                .loginPage("/Login")
                .successHandler(myAuthetcationSucessHandle)//允许表单登录
//                .loginProcessingUrl()   //自定义登录url
//                .successForwardUrl("/loginSuccess")             // 设置登陆成功页
                .and().logout()
                .logoutSuccessHandler(myLogoutSuccesshandle)
                .permitAll()                    //登出路径放行 /logout
                .and()
                .csrf()
                .disable();         //关闭跨域伪造检查   网关 前后端分离  nginx（反向代理）
        http.cors(Customizer.withDefaults());


    }
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.addAllowedOrigin("*"); // 允许所有来源的跨域请求
        configuration.addAllowedMethod("*"); // 允许所有HTTP方法的跨域请求
        configuration.addAllowedHeader("*"); // 允许所有请求头的跨域请求

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}
